Hi all,

This is a summary of ruby-dev ML in these days.

[ruby-dev:24183] CGI::Session problem again

  (posted by Shugo Maeda)

  Gotou Yuuzou pointed out that the previous cgi/session fix is insufficient
  because local users can estimate process IDs and the system time.
  He wrote an exploit code and it can crack CGI session in a minute.

  This local exploit has NOT been fixed yet.

[ruby-dev:24203] $~ alternative

  Shugo Maeda proposed a new multiple assignment scheme to provide an
  alternative of $~ variable.  His proposal is similar to the one of
  Common Lisp:

    a = 1, 2, 3
    p a   #=> 1

    *a = 1, 2, 3
    p a   #=> [1, 2, 3]

  This rule allows to let methods return additional values without
  breaking backward compatibility.

    idx = "foo bar".index(/oo/)      # compatible with current code
    idx, m = "foo bar".index(/oo/)   # m = $~

    "foo bar".gsub(/oo/) do |str|     # compatible with current code
      ....
    end
    "foo bar".gsub(/oo/) do |str, m|  # m = $~
      ....
    end

  On the other hand, this scheme breaks codes which use
  `auto composite' feature of multiple assignment:

    h = {1=>3, 2=>9, 3=>27}
    h.each do |pair|
      p pair     #=> [1,3] now, but 1 by this proposal
    end

[ruby-dev:24231] system("")

  TANAKA Akira pointed out that system("") produces error while perl
  gracefully ignores it.

  This issue is still open.

[ruby-dev:24234] ?/! suffix for setter methods

  NOWAKE proposed to allowing ?/! suffix for setter methods (xxx!=).

  This issue is still open.

-- Minero Aoki

ruby-dev summary index:
http://i.loveruby.net/en/ruby-dev-summary.html